kantord / LibreLingo

🐢 🌎 📚 a community-owned language-learning platform
https://librelingo.app
GNU Affero General Public License v3.0
1.97k stars 215 forks source link

chore(deps): bump next from 14.2.3 to 14.2.10 #3402

Open dependabot[bot] opened 2 months ago

dependabot[bot] commented 2 months ago

Bumps next from 14.2.3 to 14.2.10.

Release notes

Sourced from next's releases.

v14.2.10

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Credits

Huge thanks to @​huozhi and @​ijjk for helping!

v14.2.9

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Revert "Fix esm property def in flight loader (#66990)" (#69749)
  • Disable experimental.optimizeServer by default to fix failed server action (#69788)
  • Fix middleware fallback: false case (#69799)
  • Fix status code for /_not-found route (#64058) (#69808)
  • Fix metadata prop merging (#69807)
  • create-next-app: fix font file corruption when using import alias (#69806)

Credits

Huge thanks to @​huozhi, @​ztanner, @​ijjk, and @​lubieowoce for helping!

v14.2.8

What's Changed

[!NOTE]
This release is backporting bug fixes and minor improvements. It does not include all pending features/changes on canary.

Support esmExternals in app directory

  • Support esm externals in app router (#65041)
  • Turbopack: Allow client components from foreign code in app routes (#64751)
  • Turbopack: add support for esm externals in app dir (#64918)
  • other related PRs: #66990 #66727 #66286 #65519

Reading cookies set in middleware in components and actions

  • initialize ALS with cookies in middleware (#65008)
  • fix middleware cookie initialization (#65820)
  • ensure cookies set in middleware can be read in a server action (#67924)
  • fix: merged middleware cookies should preserve options (#67956)

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/kantord/LibreLingo/network/alerts).
stacklok-cloud-staging[bot] commented 2 months ago

Minder Vulnerability Report ✅

Minder analyzed this PR and found it does not add any new vulnerable dependencies.

Vulnerability scan of 833fcb3a:

  • 🐞 vulnerable packages: 0
  • 🛠 fixes available for: 0
stacklok-cloud-staging[bot] commented 4 days ago

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: @next/env

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | User activity | 9.2 | | Repository activity | 10 | | From | activity | | Package activity | 9.6 | | Provenance | verified_provenance_match | | Trust-summary | 8.8 |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1895 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147300467 |

📦 Dependency: @next/swc-darwin-arm64

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | Trust-summary | 8.6 | | User activity | 9.2 | | Repository activity | 10 | | From | activity | | Package activity | 9.6 | | Provenance | verified_provenance_match |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1643 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147299727 |

📦 Dependency: @next/swc-darwin-x64

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | Provenance | verified_provenance_match | | User activity | 9.2 | | Repository activity | 10 | | From | activity | | Package activity | 9.6 | | Trust-summary | 8.6 |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1639 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147299729 |

📦 Dependency: @next/swc-linux-arm64-gnu

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | Repository activity | 10 | | From | activity | | Package activity | 9.6 | | Provenance | verified_provenance_match | | Trust-summary | 8.6 | | User activity | 9.2 |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1522 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147299790 |

📦 Dependency: @next/swc-linux-arm64-musl

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | Trust-summary | 8.6 | | User activity | 9.2 | | Repository activity | 10 | | From | activity | | Package activity | 9.6 | | Provenance | verified_provenance_match |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1521 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147299809 |

📦 Dependency: @next/swc-linux-x64-gnu

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | Package activity | 9.6 | | Trust-summary | 8.6 | | Provenance | verified_provenance_match | | User activity | 9.2 | | Repository activity | 10 | | From | activity |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1638 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147299901 |

📦 Dependency: @next/swc-linux-x64-musl

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | Trust-summary | 8.6 | | User activity | 9.2 | | Repository activity | 10 | | From | activity | | Package activity | 9.6 | | Provenance | verified_provenance_match |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1507 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147299924 |

📦 Dependency: @next/swc-win32-arm64-msvc

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | Provenance | verified_provenance_match | | Trust-summary | 8.4 | | User activity | 9.2 | | Repository activity | 10 | | From | activity | | Package activity | 9.6 |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1520 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147299998 |

📦 Dependency: @next/swc-win32-ia32-msvc

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | Provenance | verified_provenance_match | | User activity | 9.2 | | Repository activity | 10 | | From | activity | | Package activity | 9.6 | | Trust-summary | 8.6 |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1464 | | Number of git tags or releases | 721 | Versions matched to tags or releases | 374 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=142737793 |

📦 Dependency: @next/swc-win32-x64-msvc

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | Provenance | verified_provenance_match | | Trust-summary | 8.6 | | User activity | 9.2 | | Repository activity | 10 | | From | activity | | Package activity | 9.6 |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1636 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147300052 |

📦 Dependency: next

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | From | activity | | Package activity | 9.6 | | Provenance | verified_provenance_match | | Trust-summary | 8.7 | | User activity | 9.2 | | Repository activity | 10 |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 2836 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 403 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147300415 |
stacklok-cloud-staging[bot] commented 1 day ago

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: @next/env

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | From | activity | | Package activity | 9.6 | | Provenance | verified_provenance_match | | Trust-summary | 8.7 | | User activity | 9.2 | | Repository activity | 10 |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1895 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147300467 |

📦 Dependency: @next/swc-darwin-arm64

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | From | activity | | Package activity | 9.6 | | Provenance | verified_provenance_match | | Trust-summary | 8.7 | | User activity | 9.2 | | Repository activity | 10 |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1643 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147299727 |

📦 Dependency: @next/swc-darwin-x64

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | From | activity | | Package activity | 9.6 | | Trust-summary | 8.7 | | Provenance | verified_provenance_match | | User activity | 9.2 | | Repository activity | 10 |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1639 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147299729 |

📦 Dependency: @next/swc-linux-arm64-gnu

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | User activity | 9.2 | | Repository activity | 10 | | From | activity | | Package activity | 9.6 | | Provenance | verified_provenance_match | | Trust-summary | 8.7 |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1522 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147299790 |

📦 Dependency: @next/swc-linux-arm64-musl

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | Package activity | 9.6 | | Provenance | verified_provenance_match | | Trust-summary | 8.7 | | User activity | 9.2 | | Repository activity | 10 | | From | activity |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1521 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147299809 |

📦 Dependency: @next/swc-linux-x64-gnu

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | Package activity | 9.6 | | Trust-summary | 8.8 | | Provenance | verified_provenance_match | | User activity | 9.2 | | Repository activity | 10 | | From | activity |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1638 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147299901 |

📦 Dependency: @next/swc-linux-x64-musl

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | Package activity | 9.6 | | Provenance | verified_provenance_match | | Trust-summary | 8.8 | | User activity | 9.2 | | Repository activity | 10 | | From | activity |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1507 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147299924 |

📦 Dependency: @next/swc-win32-arm64-msvc

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | From | activity | | Package activity | 9.6 | | Provenance | verified_provenance_match | | Trust-summary | 8.7 | | User activity | 9.2 | | Repository activity | 10 |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1520 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147299998 |

📦 Dependency: @next/swc-win32-ia32-msvc

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | From | activity | | Package activity | 9.6 | | Trust-summary | 8.5 | | Provenance | verified_provenance_match | | User activity | 9.2 | | Repository activity | 10 |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1464 | | Number of git tags or releases | 721 | Versions matched to tags or releases | 374 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=142737793 |

📦 Dependency: @next/swc-win32-x64-msvc

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | User activity | 9.2 | | Repository activity | 10 | | From | activity | | Package activity | 9.6 | | Provenance | verified_provenance_match | | Trust-summary | 8.7 |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1636 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147300052 |

📦 Dependency: next

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | Trust-summary | 8.9 | | User activity | 9.2 | | Repository activity | 10 | | From | activity | | Package activity | 9.6 | | Provenance | verified_provenance_match |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 2836 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 403 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147300415 |
stacklok-cloud-staging[bot] commented 1 day ago

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: @next/env

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | Provenance | verified_provenance_match | | Trust-summary | 8.7 | | User activity | 9.2 | | Repository activity | 10 | | From | activity | | Package activity | 9.6 |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1895 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147300467 |

📦 Dependency: @next/swc-darwin-arm64

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | Trust-summary | 8.7 | | User activity | 9.2 | | Repository activity | 10 | | From | activity | | Package activity | 9.6 | | Provenance | verified_provenance_match |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1643 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147299727 |

📦 Dependency: @next/swc-darwin-x64

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | Trust-summary | 8.7 | | Provenance | verified_provenance_match | | User activity | 9.2 | | Repository activity | 10 | | From | activity | | Package activity | 9.6 |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1639 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147299729 |

📦 Dependency: @next/swc-linux-arm64-gnu

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | From | activity | | Package activity | 9.6 | | Provenance | verified_provenance_match | | Trust-summary | 8.7 | | User activity | 9.2 | | Repository activity | 10 |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1522 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147299790 |

📦 Dependency: @next/swc-linux-arm64-musl

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | Provenance | verified_provenance_match | | Trust-summary | 8.7 | | User activity | 9.2 | | Repository activity | 10 | | From | activity | | Package activity | 9.6 |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1521 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147299809 |

📦 Dependency: @next/swc-linux-x64-gnu

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | User activity | 9.2 | | Repository activity | 10 | | From | activity | | Package activity | 9.6 | | Trust-summary | 8.8 | | Provenance | verified_provenance_match |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1638 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147299901 |

📦 Dependency: @next/swc-linux-x64-musl

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | Trust-summary | 8.8 | | User activity | 9.2 | | Repository activity | 10 | | From | activity | | Package activity | 9.6 | | Provenance | verified_provenance_match |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1507 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147299924 |

📦 Dependency: @next/swc-win32-arm64-msvc

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | From | activity | | Package activity | 9.6 | | Provenance | verified_provenance_match | | Trust-summary | 8.7 | | User activity | 9.2 | | Repository activity | 10 |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1520 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147299998 |

📦 Dependency: @next/swc-win32-ia32-msvc

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | Repository activity | 10 | | From | activity | | Package activity | 9.6 | | Trust-summary | 8.5 | | Provenance | verified_provenance_match | | User activity | 9.2 |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1464 | | Number of git tags or releases | 721 | Versions matched to tags or releases | 374 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=142737793 |

📦 Dependency: @next/swc-win32-x64-msvc

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | Repository activity | 10 | | From | activity | | Package activity | 9.6 | | Provenance | verified_provenance_match | | Trust-summary | 8.7 | | User activity | 9.2 |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 1636 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 406 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147300052 |

📦 Dependency: next

Trusty Score: 0

Scoring details | Component | Score | | ------------------- | ----: | | Trust-summary | 8.9 | | User activity | 9.2 | | Repository activity | 10 | | From | activity | | Package activity | 9.6 | | Provenance | verified_provenance_match |
Proof of Origin (Provenance) __This package can be linked back to its source code using a historical provenance map.__ We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin. | | | | ------------------- | ----: | | Published package versions | 2836 | | Number of git tags or releases | 748 | Versions matched to tags or releases | 403 | __This package has been digitally signed using sigtore.__ | | | | ------------------- | ----: | | Source repository | https://github.com/vercel/next.js | | Cerificate Issuer | CN=sigstore-intermediate,O=sigstore.dev | | GitHub action workflow | .github/workflows/build_and_deploy.yml | | Rekor (public ledger) entry | https://search.sigstore.dev/?logIndex=147300415 |